﻿using BasicModuleWebApiAuthorization.DbConext;
using Microsoft.AspNetCore.Authorization;
using System.Security.Claims;

namespace BasicModuleWebApiAuthorization.Authorization
{
    public class UserPermissionAuthodrizationHandler : AuthorizationHandler<UserPermissionAuthorizationRequirement>
    {
        public MysqlDBContext mysqlDBContext;
        public UserPermissionAuthodrizationHandler(MysqlDBContext mysqlDBContext)
        {
            this.mysqlDBContext = mysqlDBContext;
        }

        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UserPermissionAuthorizationRequirement requirement)
        {
            #region 静态配置
            {
                //var Claims = context.User.Claims;
                //var UserRole = Claims.Where(x => x.Type == "UserRole").First().Value;
                //List<UserPermission> userPermission = mysqlDBContext.userPermissions.Where(x => x.PermissionValue == UserRole).ToList();
                //if (userPermission != null && userPermission.Count() > 0)
                //    context.Succeed(requirement);
                //else
                //    context.Fail(new AuthorizationFailureReason(this, "请求失败"));
            }
            #endregion

            #region 动态配置
            {
                //获取用户请求的接口
                bool bl = context.Resource is DefaultHttpContext;
                //开始鉴权
                if (bl == true)
                {
                    ClaimsPrincipal claimsPrincipal = context.User;
                    DefaultHttpContext defaultHttpContext = context.Resource as DefaultHttpContext;
                    string path = defaultHttpContext.Request.Path;
                    //context.Succeed(requirement);
                    if (requirement.PolicyName == "Role")
                    {
                        List<RolePermission> rolePermissions = mysqlDBContext.rolePermissions.ToList();
                        string userRole = claimsPrincipal.Claims.Where(x => x.Type == "UserRole").FirstOrDefault()?.Value;
                        bool x = rolePermissions.Where(x => x.PermissionName == userRole).ToList().Any(x => x.PermissionVale == path);
                        if (x)
                            context.Succeed(requirement);
                        else
                            context.Fail(new AuthorizationFailureReason(this, "请求失败"));
                    }
                    else if (requirement.PolicyName == "User")
                    {
                        List<UserPermission> userPermissions = mysqlDBContext.userPermissions.ToList();
                        string userName = claimsPrincipal.Claims.Where(x => x.Type == ClaimTypes.Name).FirstOrDefault()?.Value;
                        bool x = userPermissions.Where(x => x.PermissionName == userName).ToList().Any(x => x.PermissionValue == path);
                        if (x)
                            context.Succeed(requirement);
                        else
                            context.Fail(new AuthorizationFailureReason(this, "请求失败"));
                    }
                    //页面鉴权
                    else if (requirement.PolicyName == "page")
                    {

                    }
                    //else
                    //    context.Fail(new AuthorizationFailureReason(this, "请求失败"));
                }
                else
                    context.Succeed(requirement);
            }
            #endregion
        }
    }
}
